The Hacker News | Expert Insights

For most of its history, the Security Operations Center (SOC) has been a privilege of the few. Building one meant millions in technology spend and round-the-clock analyst coverage. Unsurprisingly, for years, SOCs were a privilege of the few -  large enterprises and organizations with high-risk profiles, where budgets and scale justified the investment. Everyone else was left with partial coverage or had to outsource. That reality is changing. AI has flipped the SOC equation. What was once out of reach for all but the largest enterprises is now accessible and affordable for nearly every company that needs one. The risk every company faces By now, almost any 9-year-old knows that cyberattacks threaten every company . It’s no longer just banks and financial giants in the crosshairs. Over the past decade, cyberattacks have expanded into every sector, from e-commerce sites to research institutes to local hospitals. Recent data from the ‘VikingCloud 2025 SMB Threat Landscape’ repo...

Artificial Intelligence (AI) has served as a great resource for cyber defenders by enabling real-time detection and response through advanced pattern recognition and predictive analysis that traditional methods weren't able to achieve. However, AI has recently become a dangerous and widely available enabler for attackers to leverage. CISOs now face adversaries who easily scale large-scale cyberattacks like spear-phishing and polymorphic malware at machine speed.  This article examines the rising AI-driven cyberthreat landscape and presents the browser, the enterprises’ new endpoint, as the most strategic control plane for defense. By adopting a Secure Enterprise Browser (SEB) into the security stack, enterprises can reduce their attack surface, contain incidents at scale, and future-proof themselves against these advanced attacks.  Why Traditional Defenses Struggle Against AI  Most organizations have robust defense in place against cyberattacks, such as firewalls, EDR...

As hybrid and multi-cloud environments become the standard, organizations are under growing pressure to deliver scalable and secure remote access. Traditionally, Virtual Private Networks (VPNs) have been the go-to solution for connecting remote users to corporate networks. While VPNs have been essential for remote access, they were originally designed for simpler, perimeter-based security models. Organizations that rely solely on VPNs face significant limitations, including weak access control, increased risk of lateral movement and poor visibility. Continue reading to learn the limitations of VPN-based access and how KeeperPAM® provides a strong, modern alternative for securing remote access. Why VPNs are no longer enough Although VPNs have been used to enable remote access within organizations, the limitations of VPNs are becoming increasingly clear as IT environments span across multiple on-premises, hybrid and remote systems. Relying on VPN-based access alone can actually make ...

These days, there are plenty of ways to run DDoS simulation testing and make sure you’re protected against attacks. You can do it on your own using commercial software or open-source tools—whatever works best for you. That said, there are a few must-haves when it comes to running DDoS tests. For one, you’ll need a platform that allows you to easily start and stop attack simulations as needed. Plus, don’t forget to notify and get approval from relevant parties, such as your cloud provider or tool vendor, before you begin testing. Beyond these basics, there are some best practices that can help you get the most out of your  DDoS testing . 1 – Plan tests to validate the protection of your most critical assets  While it may be easier to run black box testing (basically launching attacks without looking at the internal structure, architecture, and configuration of your protection), a white box testing approach is much more effective when it comes to uncovering serious vulnera...

You’re jolted awake by a 2:46 AM critical alert: ransomware in production. Customer data’s compromised, systems are locked, and $1 million Bitcoin demand stares back at you. Your SIEM lit up. EDR flagged unusual file access. ITDR surfaced account anomalies. But it’s too late. The attacker got in with stolen credentials, likely from a phishing email. Once authenticated, they slipped past your defenses, escalated privileges, and detonated ransomware. The post-incident report reveals what your tools missed: the initial login. If authentication had tapped real-time signals from your existing security stack — device compliance, threat intelligence, or login anomalies — the stolen credential could have been blocked at the login prompt, stopping the attack cold. Why Identity Is the New Perimeter Adversaries are increasingly focused on identities and credentials rather than fortified perimeters or servers. After all, why bother cracking a vault when you can stroll in with the keys?  ...

What are Ephemeral Accounts? Corporate audits today, for cyber security insurance or compliance, focus on group memberships to identify who has access to what. This process identifies who is a Domain Admin, Enterprise Admin, Local Administrator, Database Global Admin, Global Admin in Azure, and Root Access in AWS. Accounts with this level of access likely have static privilege. I like to call these accounts game-over accounts. If these accounts are compromised, the company will have a massive issue on its hands.  Other account types lurking in your environment can cause this level of damage. Many DevOps accounts and API keys can also cause this level of damage if compromised. DevOps accounts sometimes fall under the radar outside of the scope of compliance and cybersecurity insurance.  The new Privileged Access Management buzzword among vendors, analysts, and operations teams is Ephemeral Accounts . A common phrase I tend to hear is that we don’t have static privileged acc...

At some point in the last decade, SIEMs turned into that one friend who always promises to help you move, then shows up late, eats all your pizza, and still expects gas money. They were supposed to deliver centralized visibility and faster investigations. Instead, most SOC teams ended up with endless alerts, eye-watering bills, and dashboards that look impressive on the big screen but don’t actually stop attackers. So, how did we end up here? A short history: when SIEMs were actually useful Back when firewalls were still exciting, SIEMs solved a real problem: logs scattered everywhere, auditors breathing down your neck, and no way to answer “who logged into what, when?” Then came the “next-gen” era. Vendors promised smarter detection, correlations across your stack, and even a pinch of threat intel. The promise was fewer false positives and a faster response. But instead of taming noise, NG SIEMs just amplified it. It was like turning up the volume on a broken radio and calling ...

Security teams today live in two different realities. On one side, platforms like ServiceNow create order: every vulnerability has a ticket, every incident has a workflow, and everything ties back to the CMDB. On the other side, attackers create chaos. They don’t follow workflows. They look for the easiest way in, chaining together whatever exposures they can find until they reach something valuable. A vulnerability marked as “medium” in a ticketing system can still be the critical link in an attack path that leads straight to a company’s crown jewels. In the ticketing system, the issue appears in isolation, yet attackers see how it connects to everything else. Without visibility into how exposures link together, teams risk wasting effort while the actual attack paths stay open. This is where ServiceNow’s integration with XM Cyber comes in. By layering attack graph analysis onto VR and SIR , the platform lets teams see each issue through an attacker’s eyes. Tickets and incidents ar...

ShinyHunters is a notorious cybercrime group that has resurfaced with a new playbook of SaaS-focused attacks. Known for monetizing stolen data on underground forums since 2020, ShinyHunters has historically breached companies by stealing credentials and databases. Recently, however, they’ve shifted tactics to aggressive social engineering, mirroring the methodology of the Scattered Spider group. Instead of exploiting software vulnerabilities, ShinyHunters now exploits human trust, targeting the underbelly of third-party SaaS platforms through impersonation and phishing. In mid-2025, a wave of breaches struck companies like Google, Workday, Pandora, Cisco, Chanel, and others, all tied together by one common thread: the attackers leveraged access to these firms’ Salesforce CRM or similar cloud systems. Below, we look at what happened in the Google and Workday breaches, examine techniques ShinyHunters used, and demonstrate how a dynamic SaaS security approach (like Reco’s) could have...